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Period for Reply 

A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) FROM 
THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1 . 1 36(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 

- If the period for reply specified above is less than thirty (30) days, a reply within the statutory minimum of thirty (30) days will be considered timely. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 1 33). 
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1.704(b). 

Status 

1 )Kl Responsive to communication(s) filed on 21 June 2004 . 
2a)D This action is FINAL. 2b)[El This action is non-final. 

3) D Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quayle, 1935 CD. 11, 453 O.G. 213. 
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4) E] Claim(s) 1-15 and 17-30 is/are pending in the application. 

4a) Of the above claim(s) is/are withdrawn from consideration. 

5) D Claim(s) is/are allowed. 

6) [X] Claim(s) 1-15 and 17-30 is/are rejected. 

7) D Claim(s) is/are objected to. 

8) D Claim(s) are subject to restriction and/or election requirement. 

Application Papers 

9) D The specification is objected to by the Examiner. 

10) D The drawing(s) filed on is/are: a)D accepted or b)D objected to by the Examiner. 

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1 .85(a). 
Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d). 

1 1) D The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152. 

Priority under 35 U.S.C. § 119 
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1 0 Certified copies of the priority documents have been received. 

2.0 Certified copies of the priority documents have been received in Application No. . 
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application from the International Bureau (PCT Rule 17.2(a)). 
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DETAILED ACTION 

Continued Examination Under 3 7 CFR 1.114 

1 . A request for continued examination under 37 CFR 1.114, including the fee set forth in 
37 CFR 1.17(e), was filed in this application after final rejection. Since this application is 
eligible for continued examination under 37 CFR 1.1 14, and the fee set forth in 37 CFR 1.17(e) 
has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 
37 CFR 1.114. Applicant's submission filed on 6/21/04 has been entered. 

The communication filed on 6/21/04 amended Claims 15, 17, 23 and 24 and added claims 
27-30. Claims 1-15 and 17-30 are pending. 
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Claim Rejections - 35 USC § 102 
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the 
basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(a) the invention was known or used by others in this country, or patented or described in a printed publication in this 
or a foreign country, before the invention thereof by the applicant for a patent. 

(b) the invention was patented or described in a printed publication in this or a foreign country or in public use or on 
sale in this country, more than one year prior to the date of application for patent in the United States. 

(e) the invention was described in (1) an application for patent, published under section 122(b), by another filed 
in the United States before the invention by the applicant for patent or (2) a patent granted on an application for 
patent by another filed in the United States before the invention by the applicant for patent, except that an 
international application filed under the treaty defined in section 351(a) shall have the effects for purposes of this 
subsection of an application filed in the United States only if the international application designated the United 
States and was published under Article 21(2) of such treaty in the English language. 



2. Claims 1-15 and 17-26 are rejected under 35 U.S.C. 102(b) as being anticipated by 
Minearet al (GB 2317792). 

Referring to Claims 1 and 6: 

Minear disclose a method comprising: 

determining at a classifying forwarding element if a classification parameter is available 
for Internet Protocol security (IPsec) traffic that indicates a route for the IPsec traffic and 
classifying said traffic if available (col 7, lines 15-30); 

if said classification parameter is not available, and the IPsec traffic is encrypted then 
decrypting traffic in a decrypting forwarding element after said traffic has passed through said 
classifying forwarding element (col 4, lines 10-15), and determining the classification parameter 
for the IPsec traffic at the decrypting forwarding element (col 9, lines 20-30); and 

forwarding the EPsec traffic based on the classification parameter (col 10, lines 1-10). 
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Referring to Claim 11: 

Minear discloses a system comprising: 

a classifying forwarding element configured to communicate with a network, to 
determine a classification parameter that indicates a route for a traffic stream is available for a 
packet included in the traffic stream (col 9, lines 20-30); and 

a decryption forwarding element configured to receive the packet from the classifying 
forwarding element, to perform an encryption-related procedure on the packet if the packet is 
encrypted and associated with a known encryption-related key (col 4, lines 10-15; col 7, lines 15- 
25;), and determine said classification parameter, if the classification parameter is available from 
either of said forwarding elements, to forward the packet based on the route for the traffic stream 
(col 7, lines 15-30). 

Referring to Claims 2 and 7: 

Minear discloses the limitations of Claims 1 and 6 above. Minear further discloses 
receiving the IPsec traffic at the classifying forwarding element (col 7, lines 20-30). 

Referring to Claim 3 and 8: 

Minear discloses the limitations of Claims 1 and 6 above. Minear further discloses the 
classification parameter includes a security parameter index (SPI) associated with the IPsec 
traffic (col 7, lines 15-25). 
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Referring to Claims 4 and 9: 

Minear discloses the limitations of Claims 1 and 6 above 
IPsec traffic includes a data packet (col 7, lines 15-30). 

Referring to Claims 5 and 10: 

Minear discloses the limitations of Claims 1 and 6 above. Minear further discloses 
forwarding other IPsec traffic included in a traffic stream with the IPsec traffic based on the 
classification parameter (col 8, lines 25-30; col 9, lines 5-15). 

Referring to Claim 12: 

Minear discloses the limitations of Claims 1 1 above. Minear further discloses a third 
mechanism configured to communicate with the classifying forwarding element and with the 
decryption forwarding element and to determine a classification parameter for the packet if a 
classification parameter is not available (col 7, line 20-col 8, line 15). 

Referring to Claim 13: 

Minear discloses the limitations of Claims 12 above. Minear further discloses the second 
mechanism is also configured to forward the packet to the third mechanism if the packet is not 
associated with a known encryption-related key (col 9, lines 15-30; col 17, lines 30-40). 
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. Minear further discloses the 
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Referring to Claim 14: 

Minear discloses the limitations of Claims 12 above. Minear further discloses the third 
mechanism is also configured to, after determining the classification parameter for the packet, 
forward the classification parameter to the first mechanism (col 9, lines 10-30). 

Referring to Claim 15: 

Minear discloses the limitations of Claims 12 above. Minear further discloses the third 
mechanism is also configured to, after determining the encryption-related key for the packet, 
forward the encryption-related key to the decryption forwarding element so that the decryption 
forwarding element can perform the encryption-related procedure (col 7, lines 15-30). 

Referring to Claim 17: 

Minear discloses the limitations of Claims 1 1 above. Minear further discloses a plurality 
of additional mechanisms, each additional mechanism configured to communicate with the 
classification forwarding device to perform an encryption-related procedure on the packet if the 
packet is encrypted and associated with a known encryption-related key (col 7, line 25-col 8, line 
15), and, if the classification parameter is available, to forward the packet based on the route for 
the traffic stream (col 8, lines 25-30). 
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Referring to Claim 18. 

Minear discloses the limitations of Claims 1 1 above. Minear further discloses the packet 
includes an Internet Protocol security data packet (col 8, lines 15-30). 

Referring to Claim 19: 

Minear discloses the limitations of Claims 1 1 above. Minear further discloses the traffic 
stream includes a plurality of Internet Protocol security data packets (col 8, lines 15-30). 

Referring to Claim 20: 

Minear discloses the limitations of Claims 1 1 above. Minear further discloses the first 
mechanism is also configured to forward the packet to the second mechanism if the packet is 
encrypted (col 9, lines 25-30). 

Referring to Claim 21 : 

Minear discloses the limitations of Claims 1 1 above. Minear further discloses the route 
for the traffic stream includes a route through a network (col 5, lines 20-30; col 10, lines 1-15). 

Referring to Claim 22: 

Minear discloses the limitations of Claims 21 above. Minear further discloses the 
network includes an Internet (Fig. 1). 
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Referring to Claim 23: 

Minear discloses the limitations of Claims 1 1 above. Minear further discloses the 
encryption-related procedure includes encrypting the packet (col 21, lines 1-25). 

Referring to Claim 24: 

Minear discloses the limitations of Claims 1 1 above. Minear further discloses the 
encryption-related procedure includes decrypting the packet (col 21, lines 15-25). 

Referring to Claim 25 : 

Minear discloses the limitations of Claims 1 1 above. Minear further discloses another 
mechanism configured to receive the packet from the second mechanism and to forward the 
packet based on the route to an ultimate destination of the packet (col 19, lines 1-10; col 22, lines 
20-30). 

Referring to Claim 26: 

Minear discloses the limitations of Claims 1 1 above. Minear further discloses the first 
mechanism is also configured to route packets included in the traffic stream based on a load 
balancing scheme (col 19, lines 5-15; col 22, lines 5-20). 
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3. Claims 27-30 are rejected under 35 U.S.C. 
(US 6,157,955). 
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102(a, e) as being anticipated by Narad et al 



Referring to Claim 27: 

Narad discloses a first classifying forwarding element in communication with a network, 
the first classifying forwarding element having an output (col 40, lines 25-40); 

a plurality of decrypting forwarding elements in communication with the output of the 
first classifying forwarding element, each of the plurality of decrypting forwarding elements 
having an output ( col 9, lines 25-50; col 13, lines 30-50; col 16, lines 5-30); 

a control element in communication with the first classifying forwarding element and the 
plurality of decrypting forwarding elements (col 6, lines 55-col 7, line 10); and 

one or more second classifying forwarding elements in communication with one or more 
outputs of the decrypting forwarding elements, the one or more second classifying forwarding 
elements different than the first classifying forwarding element, the one or more second 
classifying forwarding elements each having an output (col 13, lines 30-45; col 14, lines 20-40). 

Referring to Claim 28: 

Narad discloses the limitation of Claim 27 above. Narad further discloses one or more 
servers in communication with the output of at least one of the one or more second classifying 
forwarding elements (col 6, lines 40-65). 
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Referring to Claim 29: 

Narad discloses the limitation of Claim 28 above. Narad further discloses the control 
element includes security information for the one or more Servers (col 10, lines 15-40). 

Referring to Claim 30: 

Narad discloses the limitation of Claim 29 above. Narad further discloses the security 
information includes one or more access tokens (col 9, lines 25-40; col 72, lines 30-40). 

Prior Art 

4. The prior art made of record and not relied upon is considered pertinent to applicant's 
disclosure. 



US 6253321 issued to Nikander, Pekka et al. Nikander discloses a data processing 
system implements a security protocol based on processing data in packets. The data 
processing system comprises processing packets for storing filter code and processing data 
packets according to stored filter code, and a policy managing function for generating filter 
code and communicating generated filter code for packet processing. The packet processing 
function is arranged to examine, whether the stored filter code is applicable for processing a 
certain packet. If the stored filter code is not applicable for the processing of a packet, the 
packet is communicated to the policy managing function, which generates filter code applicable 
for the processing of the packet and communicates the generated filter code for packet 
processing. 
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Conclusion 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Monplaisir G Hamilton whose telephone number is (703) 305- 
5116. The examiner can normally be reached on Monday - Friday (8:00 am - 4:30 pm). 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Kim Y Vu can be reached on (703) 305-4393. The fax phone number for the 
organization where this application or proceeding is assigned is 703-872-9306. 

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 




